PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass Vulnerability
29 May. 2011
Summary
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Postgres Plus Advanced Server DBA Management Server.
Vulnerable Systems:
* PostgreSQL Plus Advanced Server DBA Management Server
Authentication is not required to exploit this vulnerability.
The flaw exists within the DBA Management Server component, which listens by default on TCP ports 9000 and 9363. When handling client authentication, the server does not properly enforce restrictions on direct access to the jmx-console or web-console. These consoles allow arbitrary instantiation of classes. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the server.
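As an added defensive example (not part of the advisory and not the vendor's code), the following Python script flags access-log entries showing the jmx-console or web-console being served to a client with no authenticated user. It assumes the management server's HTTP front end writes Apache combined-style logs and that the consoles live under the /jmx-console and /web-console URL prefixes; the log lines are constructed.

```python
import re

# Constructed sample HTTP access-log lines in Apache "combined"-style format
# (assumption: the management server's HTTP front end logs in this shape).
SAMPLE_LOG = """\
10.0.0.5 - - [29/May/2011:10:15:01 +0000] "GET /jmx-console/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [29/May/2011:10:15:07 +0000] "POST /jmx-console/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.168.1.20 - admin [29/May/2011:10:16:00 +0000] "GET /web-console/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
10.0.0.9 - - [29/May/2011:10:17:30 +0000] "GET /web-console/ HTTP/1.1" 401 0 "-" "curl/7.21"
10.0.0.7 - - [29/May/2011:10:18:00 +0000] "GET /index.jsp HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Console names come from the advisory; the URL prefixes are an assumption.
CONSOLE_PREFIXES = ("/jmx-console", "/web-console")


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_unauthenticated_console_access(log_text):
    """Return requests that were served (2xx) from a console path while the
    log's auth-user field is empty. After the vendor update this condition
    should no longer occur, so any hit is worth investigating."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(CONSOLE_PREFIXES):
            continue
        served = rec["status"].startswith("2")
        anonymous = rec["user"] == "-"
        if served and anonymous:
            hits.append({k: rec[k] for k in ("ts", "src", "method", "path")})
    return hits


if __name__ == "__main__":
    for hit in find_unauthenticated_console_access(SAMPLE_LOG):
        print("ALERT unauthenticated console access:", hit)
```

Requests answered with 401 and requests carrying an authenticated user are deliberately not flagged, so the check reports only the condition the advisory describes.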
Patch Availability:
This update is available through the Postgres Plus Advanced Server - StackBuilder Plus Module only.
Please perform the following steps in order to update your DBA Management Server for Postgres Plus Advanced Server. It is recommended that you back up your files before performing the upgrade.
1. Right-click the system tray icon (PostgreSQL elephant) and select 'Install Updates'.
OR
Run StackBuilder Plus directly from the Application Menu. The update will automatically be selected and displayed in bold.
2. Click Next and choose the download directory (where the update will be downloaded).
3. The installation program will start once the download is complete.
Disclosure Timeline:
2011-01-04 - Vulnerability reported to vendor
2011-03-02 - Coordinated public release of advisory